U.S. Gov't E-Mail Server Turns into Spam Cannon
The gaffe started after one man, Alex Greene, a manager at GKN Freight Services, sent a reply to the Daily Open Source Infrastructure Report, a round-up of security-related news reports, to change his subscription information.
The e-mail server sent Greene's reply to everyone on the DHS's subscriber list, which sent off a torrent of responses from recipients -- some humorous, some irritable -- which in turn were fired out again to all subscribers, according to the SANS Institute, a computer security monitoring organization. The cause of the problem was likely an erroneous change in the e-mail server's settings.
The error could cause big trouble if a hacker sent a bad e-mail attachment with a zero-day security vulnerability "to nail a few dozen gullible security professionals," Marcus Sachs wrote in the SANS diary, which documents security incidents.
"If you maintain a broadcast mailing list, make sure that the address will not reflect e-mail from sources other than the owner of the list," Sachs wrote. "Otherwise, you will become a training example for SANS."
Excerpts of some of the e-mails were published by The New York Times.
"Dear Mr. Alex Greene (the guy who started this mess). May the fleas of a thousand camels infest your armpits and may a yak in heat make love to your shin," wrote Michael B. Smith.
Others were more lighthearted and opportunistic about the mistake. "Well as long as we have a free for all going here, I'm job hunting," wrote Lt. Col. Mary Brown, a U.S. Air Force Reserve officer. "Anybody have anything open out there?
Department of Homeland Security
Receive the latest security news as it breaks.
